Applying Remediations

The hardened Oracle Linux STIG Image can't be configured for all the recommended guidance. You must manually confirm any configurations not included in the Oracle Linux STIG Image instance.

For each security rule established by DISA, instructions to apply the appropriate security configuration are provided in the corresponding Oracle Linux Security Technical Implementation Guide.

Important

Some changes to the image might affect an instance's default Oracle Cloud Infrastructure account. If you decide to enforce a rule, study the information about each rule and the reasons for exclusion to fully understand the potential impact on the instance.

Using the Checklist to View More Configurations

Use the checklists provided with the Oracle Linux STIG image to view more "Release Notes" on areas of guidance that are not included in the image and that require further manual configuration. The release notes identify extra configurations that might affect the instance's default Oracle Cloud Infrastructure account.

Accessing the Checklist

The Oracle Linux STIG image includes DISA STIG Viewer checklists for both the DISA STIG Benchmark and SCAP Security Guide (SSG) "stig" profile aligned with DISA STIG for Oracle Linux. These checklists are in the /usr/share/xml/stig directory. See Revision History for the specific filename associated with each release.

  • OL<release>_SSG_STIG_<stig-version>_CHECKLIST_RELEASE.ckl - checklist for DISA STIG for Oracle Linux using the SSG "stig" profile scan results.
  • OL<release>_DISA_BENCHMARK_<stig-version>_CHECKLIST_RELEASE.ckl - checklist for DISA STIG Benchmark for Oracle Linux using the SCC Oracle_Linux_<release>_STIG profile scan results.

Viewing the Checklist Release Notes

  1. Download the DISA STIG Viewer tool from: https://public.cyber.mil/stigs/srg-stig-tools/
  2. Open the DISA STIG Viewer tool.
  3. Under Checklist, select Open Checklist from File... and navigate to the checklist file.
  4. Expand the Filter Panel and add the following filter:
    • Must Match: ALL
    • Filter by: Keyword
    • Filter type: Inclusive (+) Filter
    • Keyword: Oracle Release Notes
  5. The release notes provide extra information for the rules:

    Open
    Rules that have been excluded or deemed out of scope.
    Excluded
    Rules that might affect the instance's default Oracle Cloud Infrastructure account and have been excluded from remediation for the Oracle Linux STIG Image.
    Out of Scope
    Rules that are out of scope for remediation on the current release but might be considered for remediation in a future release.
    Not Applicable
    Rules that have been deemed not applicable to the Oracle Linux STIG Image.
    Not reviewed
    Rules that are out of scope for remediation on the current release but might be considered for remediation in a future release.
  6. For each rule, ensure you fully understand the implications to the instance before applying remediation.
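
The same keyword review can be done on the instance without the viewer. The following is an added example, not Oracle's or DISA's code: it reads a checklist in the STIG Viewer .ckl XML layout and groups the rules that mention "Oracle Release Notes" by status. It assumes the note text can sit in any field of a rule, and the embedded checklist and its rule IDs are constructed sample data.

```python
import sys
import xml.etree.ElementTree as ET
from collections import defaultdict

KEYWORD = "Oracle Release Notes"  # keyword used in the STIG Viewer filter step

# Constructed sample in the .ckl layout; IDs and text are not from the image.
SAMPLE_CKL = """<CHECKLIST><STIGS><iSTIG>
<VULN>
 <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-000001</ATTRIBUTE_DATA></STIG_DATA>
 <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Constructed rule A</ATTRIBUTE_DATA></STIG_DATA>
 <STATUS>Open</STATUS><FINDING_DETAILS></FINDING_DETAILS><COMMENTS>Oracle Release Notes: Excluded</COMMENTS>
</VULN>
<VULN>
 <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-000002</ATTRIBUTE_DATA></STIG_DATA>
 <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Constructed rule B</ATTRIBUTE_DATA></STIG_DATA>
 <STATUS>Not_Applicable</STATUS><FINDING_DETAILS>Oracle Release Notes: n/a</FINDING_DETAILS><COMMENTS></COMMENTS>
</VULN>
<VULN>
 <STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE><ATTRIBUTE_DATA>V-000003</ATTRIBUTE_DATA></STIG_DATA>
 <STIG_DATA><VULN_ATTRIBUTE>Rule_Title</VULN_ATTRIBUTE><ATTRIBUTE_DATA>Constructed rule C</ATTRIBUTE_DATA></STIG_DATA>
 <STATUS>NotAFinding</STATUS><FINDING_DETAILS>Scan passed</FINDING_DETAILS><COMMENTS></COMMENTS>
</VULN>
</iSTIG></STIGS></CHECKLIST>"""

def release_note_rules(ckl_xml, keyword=KEYWORD):
    """Return {STATUS: [(Vuln_Num, Rule_Title), ...]} for rules mentioning keyword."""
    groups = defaultdict(list)
    for vuln in ET.fromstring(ckl_xml).iter("VULN"):
        # Assumption: the note may be in any field, so search every text node.
        if keyword.lower() not in " ".join(vuln.itertext()).lower():
            continue
        attrs = {d.findtext("VULN_ATTRIBUTE"): d.findtext("ATTRIBUTE_DATA", "")
                 for d in vuln.iter("STIG_DATA")}
        status = (vuln.findtext("STATUS") or "Unknown").strip()
        groups[status].append((attrs.get("Vuln_Num", "?"), attrs.get("Rule_Title", "")))
    return dict(groups)

if __name__ == "__main__":
    # Pass a checklist path from /usr/share/xml/stig; only parse files you trust.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CKL
    for status, rules in sorted(release_note_rules(data).items()):
        print(f"{status} ({len(rules)})")
        for num, title in rules:
            print(f"  {num}  {title}")
```

The grouped output gives a per-status worklist of the rules that still need a manual decision before any remediation is applied.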